John Anthony Smith: Lack Of Multi-factor Authentication Caused Colonial Pipeline Breach

  • Sunday, June 6, 2021
  • John Anthony Smith

(John Anthony Smith, CEO of the fast-growing Conversant Group on the Southside, advises on Internet security. There have been recent attacks by cyber gangs - first on a U.S. pipeline company, then on a huge beef producer and, most recently, a large media group.)

Last month, hackers infiltrated Colonial Pipeline’s computer network, which resulted in the massive shutdown of its pipeline.

The pipeline provides nearly one half of the fuel supply for the Southeastern United States. Colonial Pipeline elected to pay a ransom demand of nearly $4 million the same day. The pipeline was shut down for six days, and it resulted in a run on fuel stations throughout the Southeast.

In light of upcoming Congressional committee meetings, Colonial Pipeline made Joseph Blount, CEO, and Charles Carmakal, Mandiant senior vice president, available to speak publicly about the causes of the breach.

On Friday, Bloomberg reported that a compromised password for an inactive account was used to breach Colonial Pipeline’s network. An unused user account (the user no longer worked for Colonial Pipeline) had not been deactivated, and the account still had VPN access. The user likely had reused his or her password on non-corporate accounts, which resulted in the user’s password being available on the dark web (after compromises of other non-corporate websites). It isn’t known how the attackers obtained the username; however, it is very easy to obtain usernames via other methods. As an example only (there is no proof of this being used at Colonial Pipeline), Exchange Server Outlook Web Access has error reporting that would allow an attacker to accurately guess a username.

The VPN system used to compromise the company’s networks was not protected by multi-factor authentication (MFA), at least for the user account that was leveraged in the attack. A VPN (virtual private network) is used by many companies to provide remote access to users.

On assessment, more than 80 percent of the time, we find externally exposed systems without MFA (including cloud apps), and more than 90 percent of the time, we find poor password/user account hygiene.
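As an added illustration (not code from the column or from Conversant Group), the check below runs over a constructed directory export and flags the three gaps described above: enabled accounts belonging to departed users, accounts with no recent logon, and VPN-entitled accounts with no MFA. The Account fields, the 90-day threshold and the sample users are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Account:
    username: str
    enabled: bool              # directory account is enabled
    employed: bool             # user is still on the HR roster
    last_logon: Optional[date]
    vpn_access: bool           # member of the group that grants VPN access
    mfa_enrolled: bool         # has an MFA factor registered


# Constructed sample export with hypothetical users; not data from the breach.
SAMPLE_ACCOUNTS = [
    Account("jdoe", True, True, date(2021, 6, 1), True, True),
    Account("former.employee", True, False, date(2020, 12, 15), True, False),
    Account("contractor", True, True, None, False, False),
    Account("old.svc", False, False, date(2019, 3, 2), True, False),
]


def audit_accounts(accounts: List[Account], today: date,
                   stale_days: int = 90) -> List[Tuple[str, str]]:
    """Return (username, finding) pairs for enabled accounts that show
    the hygiene gaps the column describes."""
    findings = []
    for a in accounts:
        if not a.enabled:
            continue  # a disabled account cannot be logged into
        if not a.employed:
            findings.append((a.username, "orphaned"))    # leaver never deprovisioned
        if a.last_logon is None or (today - a.last_logon).days > stale_days:
            findings.append((a.username, "stale"))       # unused; should be disabled
        if a.vpn_access and not a.mfa_enrolled:
            findings.append((a.username, "vpn_no_mfa"))  # password alone guards remote access
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_ACCOUNTS, date(2021, 6, 6)):
        print(f"{user:16} {finding}")
```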

 

Defense is always less expensive than recovery: our hand is always extended for either (defense or recovery). Please compute safely.

https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password

* * *

John Anthony Smith can be reached at:

423-305-7890

John.Smith@conversantgroup.com

1513 Cowart Street

Chattanooga, TN 37408


 
